US7372839B2 - Global positioning system (GPS) based secure access - Google Patents

Global positioning system (GPS) based secure access Download PDF

Info

Publication number
US7372839B2
US7372839B2 US10/807,686 US80768604A US7372839B2 US 7372839 B2 US7372839 B2 US 7372839B2 US 80768604 A US80768604 A US 80768604A US 7372839 B2 US7372839 B2 US 7372839B2
Authority
US
United States
Prior art keywords
mobile terminal
location
access
computer network
time varying
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US10/807,686
Other versions
US20050213519A1 (en
Inventor
Sandeep Relan
Brajabandhu Mishra
Rajendra Khare
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Avago Technologies International Sales Pte Ltd
Original Assignee
Broadcom Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Broadcom Corp filed Critical Broadcom Corp
Priority to US10/807,686 priority Critical patent/US7372839B2/en
Assigned to BROADCOM CORPORATION reassignment BROADCOM CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KHARE, RAJENDRA, MISHRA, BRAJABANDHU, RELAN, SANDEEP
Priority to EP20050003163 priority patent/EP1580641A3/en
Priority to CNB2005100600105A priority patent/CN1332281C/en
Priority to US11/220,185 priority patent/US20060020960A1/en
Publication of US20050213519A1 publication Critical patent/US20050213519A1/en
Priority to US12/047,961 priority patent/US20080248812A1/en
Publication of US7372839B2 publication Critical patent/US7372839B2/en
Application granted granted Critical
Assigned to BANK OF AMERICA, N.A., AS COLLATERAL AGENT reassignment BANK OF AMERICA, N.A., AS COLLATERAL AGENT PATENT SECURITY AGREEMENT Assignors: BROADCOM CORPORATION
Assigned to AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. reassignment AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BROADCOM CORPORATION
Assigned to BROADCOM CORPORATION reassignment BROADCOM CORPORATION TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS Assignors: BANK OF AMERICA, N.A., AS COLLATERAL AGENT
Assigned to AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED reassignment AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED MERGER (SEE DOCUMENT FOR DETAILS). Assignors: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.
Assigned to AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED reassignment AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED CORRECTIVE ASSIGNMENT TO CORRECT THE EFFECTIVE DATE OF MERGER PREVIOUSLY RECORDED ON REEL 047195 FRAME 0658. ASSIGNOR(S) HEREBY CONFIRMS THE THE EFFECTIVE DATE IS 09/05/2018. Assignors: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.
Assigned to AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED reassignment AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED CORRECTIVE ASSIGNMENT TO CORRECT THE ERROR IN RECORDING THE MERGER PREVIOUSLY RECORDED AT REEL: 047357 FRAME: 0302. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT. Assignors: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/04Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • G06F21/43User authentication using separate channels for security data wireless channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • H04W12/64Location-dependent; Proximity-dependent using geofenced areas
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security

Definitions

  • Passwords are a commonly practiced security measure that prevents unauthorized users from accessing computer systems as well as identifying authorized users during an access. However, unauthorized users have used a variety of measures to ascertain the passwords of authorized users.
  • the unauthorized user can access the computer system in the same manner as the authorized user. Often times, the unauthorized user accesses the computer system for malicious purposes. The activity of the unauthorized user is generally not detected until significant damage or disruptions have occurred.
  • Requiring authorized users to change their passwords at regular intervals can curtail, at least to some extent, the activities of unauthorized users.
  • the regular interval time period is usually several weeks or months. During this time period, an unauthorized user can cause significant damage and disruption. Even if the user changes password daily, it could still not be effective to inhibit unauthorized user to do significant damage and disruption for that duration.
  • some computer systems use a time varying randomly generated password for each authorized user.
  • the administrator of the computer system provides each authorized user with a device.
  • the device includes a pseudo-random number generator that generates a code at relatively short time intervals, such as every minute.
  • the computer system is also equipped to determine the pseudo-random number at a given time.
  • the authorized user uses the code generated and displayed by the device as the password.
  • the foregoing provides for quickly changing passwords that are valid for short times. Accordingly, even if an unauthorized user does obtain a password, the password is valid for a very short time period. This significantly curtails the damage that an unauthorized user can do.
  • Such computer networks can still be exposed to unauthorized users.
  • some computer systems also require access by authorized users from a particular client terminal.
  • the particular client terminal is known as a secure terminal and is preferably located in a physically secured location. Accordingly, in order to gain unauthorized access to such a computer network, an unauthorized user would also have to physically breach the physical security at the secured location.
  • a method for granting access to a computer network comprises receiving a request for access to the computer network; determining whether a mobile terminal is within a predetermined location; granting access to the computer network, if the mobile terminal is within the predetermined location; and denying access to the computer network, if the mobile terminal is outside of the predetermined location.
  • an article of manufacture comprises a computer readable medium.
  • the computer readable medium stores a plurality of executable instructions.
  • the plurality of executable instructions are for receiving a request for access to the computer network; determining whether a mobile terminal is within a predetermined location; and granting access to the computer network, if the computer terminal is within the predetermined location; denying access to the computer network, if the computer terminal is outside of the predetermined location.
  • a communication network for granting access to a computer network.
  • the communication network comprises a server, and a wireless network.
  • the server receives a request for access to the computer network.
  • the wireless server determines the location of the mobile terminal through the communication medium using ‘Global Positioning System (GPS) technique.
  • GPS Global Positioning System
  • the server granting access to the computer network is dependent on the location of the mobile terminal.
  • FIG. 1 is a block diagram of a communication system for providing secure access to a computer network in accordance with an embodiment of the present invention
  • FIG. 2 is a flow diagram describing the operation of the server in accordance with an embodiment of the present invention.
  • FIG. 3 is a block diagram of an exemplary Global System for Mobile Communication Public Land Mobile Network that can be used in accordance with an embodiment of the present invention
  • FIG. 4 is a signal flow diagram describing the operation of a communication network in accordance with an embodiment of the present invention.
  • FIG. 5 is a block diagram describing an exemplary hardware environment where an embodiment of the present invention can be practiced.
  • FIG. 1 there is illustrated a block diagram of an exemplary communication system for configuring a mobile terminal to provide a time varying random password in accordance with an embodiment of the present invention.
  • the system includes a computer network 100 and a wireless network 130 .
  • the computer network 100 includes a server 105 that is accessible over a computer network 100 by a client terminal 115 in a physical location 117 .
  • the computer network 100 is any electronic or optical information distribution network and can comprise any combination of a variety of communication media, such as, but not limited to, the internet, the public switched telephone network, a local area network (LAN), and a wide area network (WAN).
  • LAN local area network
  • WAN wide area network
  • the server 105 may provide access to a database storing sensitive information or the like, or allow individuals to perform various transactions. Accordingly, it is important to control access to the server 105 . As a result, the server 105 requires a password from the client terminal 115 that validates the identity of the user at the client terminal 115 .
  • the computer network 100 requires the authorized user to access the computer network 100 from the physical location 117 .
  • the particular physical location 117 is preferably a physically secured location that is not accessible by the general public.
  • the computer network 100 requests the user to provide a password.
  • the computer network 100 uses the wireless network 130 , via terminal 125 to locate the position of a mobile terminal 120 associated with the user.
  • the terminal 125 is a terminal that has access to the wireless network 130 , either directly, or via another network.
  • the terminal 125 can comprises a computer connected to either the wireless network 130 or the public switched telephone network.
  • the computer network 100 grants access to the user, if the user provides the proper password, and the mobile terminal 120 is located in the physical location 117 .
  • an unauthorized user needs, not only an authorized user's password, but also the ability to place the authorized user's mobile terminal 120 at the physical location 117 to access the computer network 100 . Furthermore, even if an unauthorized user succeeds in remotely accessing the client terminal 115 , the computer network 100 will not grant the unauthorized user access to the computer network 100 . Accordingly, remote access need not be cut off from the client terminal 115 . This allows the client terminal 115 to be used for other purposes, such as accessing the internet.
  • the computer network 100 can use time varying randomly generated passwords.
  • the time varying randomly generated passwords can be displayed on the mobile terminal 120 .
  • Exemplary systems and methods for the foregoing are described in “INTEGRATION OF SECURE IDENTIFICATION CARDS INTO CELL PHONE”, U.S. application for patent Ser. No. 10/801,470, by Relan, et al., filed Mar. 16, 2004, which is incorporated herein by reference.
  • the authorized user provides the time varying randomly generated password displayed on the mobile terminal 120 .
  • This additional feature virtually assures that the accessing user himself is at the physical location 117 .
  • the mobile terminal 120 can also be integrated into the client terminal 115 for ease of use.
  • the server 105 receives a request for access to the computer network 100 .
  • the server 105 requests the password from the user.
  • a number of schemes can be used for allocating the password.
  • the password can be a time varying randomly generated alpha-numeric number.
  • the server 105 determines whether the password provided is the correct password. If at 165 , the password provided during 160 is incorrect, the server 105 requests the password again from the user a predetermined number of times. If after the predetermined number of times ( 175 ) the user has failed to provide the correct password, the server 105 denies access ( 180 ).
  • the server 105 When the user provides the correct password at 165 , the server 105 then requests, via terminal 125 , a wireless network to check ( 185 ) the location of the mobile terminal 120 to determine ( 190 ) if the mobile terminal 120 is located within location 117 . If the mobile terminal 120 is within location 117 , the server 105 grants access ( 195 ) to the authorized user. If the mobile terminal 120 is not within the location 117 , the server 105 denies ( 180 ) access.
  • the server 105 checks the location of the mobile terminal 120 using a wireless network 130 .
  • the wireless network 130 can comprise a variety of communication networks, such as, but not limited to, the Global System for Mobile (GSM) Communications, or the Personal Communication Services (PCS) network, IEEE 802.11 Wireless LAN network, Ethernet etc.
  • GSM Global System for Mobile
  • PCS Personal Communication Services
  • the PMLN 210 is composed of a plurality of areas 212 , each with a node known as a Mobile Switching Center (MSC) 214 and an integrated Visitor Location Register (VLR) 216 therein.
  • the MSC/VLR areas 212 include a plurality of Location Areas (LA) 218 , which are defined as that part of a given MSC/VLR area 212 in which a mobile terminal 120 may move freely without having to send update location information to the MSC/VLR area 212 that controls the LA 218 .
  • LA Location Areas
  • Each Location Area 212 is divided into a number of cells 222 .
  • the mobile terminal 220 is the physical equipment, e.g., a car phone or other portable phone, used by mobile subscribers to communicate with the cellular network 210 , each other, and users outside the subscribed network, both wireline and wireless.
  • the MSC 214 is in communication with at least one Base Station Controller (BSC) 223 , which, in turn, is in contact with at least one Base Transceiver Station (BTS) 224 .
  • BSC Base Station Controller
  • BTS Base Transceiver Station
  • the BTS is a node comprising the physical equipment, illustrated for simplicity as a radio tower, that provides radio coverage to the geographical part of the cell 222 for which it is responsible.
  • the BSC 223 may be connected to several base transceiver stations 224 , and may be implemented as a stand-alone node or integrated with the MSC 214 .
  • the BSC 223 and BTS 224 components, as a whole, are generally referred to as a Base Station System (BSS) 225 .
  • BSS Base Station System
  • At least one of the MSCs 214 are connected to the public switched telephone network (PSTN).
  • PSTN public switched telephone network
  • the PLMN Service Area or wireless network 210 includes a Home Location Register (HLR) 226 , which is a database maintaining all subscriber information, e.g., user profiles, current location information, International Mobile Subscriber Identity (IMSI) numbers, and other administrative information.
  • HLR Home Location Register
  • the HLR 226 may be co-located with a given MSC 214 , integrated with the MSC 214 , or alternatively can service multiple MSCs 214 , the latter of which is illustrated in FIG. 3 .
  • the VLR 216 is a database containing information about all of the mobile terminals 120 currently located within the MSC/VLR area 212 . If a mobile terminal 120 roams into a new MSC/VLR area 212 , the VLR 216 connected to that MSC 214 will request data about that mobile terminal 120 from the HLR database 226 (simultaneously informing the HLR 226 about the current location of the mobile terminal 120 ). Accordingly, if the user of the mobile terminal 120 then wants to make a call, the local VLR 216 will have the requisite identification information without having to re-interrogate the HLR 226 . In the afore-described manner, the VLR and HLR databases 216 and 226 , respectively, contain various subscriber information associated with a given mobile terminal 120 .
  • the GSM PLMN 210 also includes the capabilities of locating a mobile terminal 120 , using what is known as a Global Positioning System (GPS).
  • GPS uses a number of BTSs 224 in the vicinity of the mobile terminal 120 to determine the physical location of the mobile terminal 120 .
  • Each of the number of BTSs 224 use radio signals to determine the distance of the mobile terminal 120 from each BTS 224 .
  • the BTSs 224 transmit signals to the mobile terminal 120 . Responsive to receiving the signal from the BTSs 224 , the mobile terminal 120 transmits radio signals.
  • the radio signals transmitted by the mobile terminal 120 are indicative of the time that the mobile terminal 120 transmits the signals.
  • the distance between the mobile terminal 120 and the BTSs 224 can be determined from the time delay between the transmission of the signals and the receipt of the signals at the BTSs 224 .
  • a GPS node 236 determines and triangulates the distances from several BTSs 224 to determine the physical location of the mobile terminal 120 .
  • the computer network 100 requests the GSM PLMN 210 to use the GPS to locate the mobile terminal 120 . Responsive thereto, the GSM PLMN 210 reports the location of the mobile terminal 120 to the computer network 100 . The computer network 100 then determines whether the mobile terminal 120 is within the physical location 117 . If the mobile terminal 120 is within the physical location 117 and the user provides the correct password, the computer network 100 grants access.
  • a user requests access to the computer network 100 by providing a password (signal 405 ) to the server 105 of the computer network 100 .
  • the server 105 validates the password ( 410 ).
  • the server 105 then sends a request (signal 415 ) for the position of the mobile terminal 120 associated with the authorized user, to a GPS node 236 associated with the wireless network 130 .
  • the infrastructure of the wireless network 130 routes the request to an MSC 214 associated with the mobile terminal 120 .
  • the MSC 214 commands (signal 420 ) several BTSs 224 to determine the distance between the said BTS and the mobile terminal 120 .
  • the BTSs 224 transmit radio signals (signal 425 ) to the mobile terminal 120 and receive radio signals (signal 430 ) from the mobile terminal 120 .
  • the radio signals transmitted by the mobile terminal 120 are indicative of the time that the mobile terminal 120 transmits the signals. Accordingly, the distance between the mobile terminal 120 and the BTSs 224 can be determined from the time delay between the transmission of the signals and the receipt of the signals at the BTSs 224 .
  • the BTSs 224 provide the time of receipt of the signals from the mobile terminal 120 to a GPS node 236 (signal 435 ).
  • the GPS node 236 determines and triangulates ( 440 ) the distances from several BTSs 224 to determine the physical location of the mobile terminal 120 .
  • the GPS node 236 then provides the physical location (signal 445 ) of the mobile terminal 120 to the server 105 , via terminal 125 .
  • the server 105 determines ( 450 ) whether the mobile terminal 120 is within the physical location 117 and denies or grants access, thereon.
  • a CPU 60 is interconnected via system bus 62 to random access memory (RAM) 64 , read only memory (ROM) 66 , an input/output (I/O) adapter 68 , a user interface adapter 72 , a communications adapter 84 , and a display adapter 86 .
  • the input/output (I/O) adapter 68 connects peripheral devices such as hard disc drives 40 , floppy disc drives 41 for reading removable floppy discs 42 , and optical disc drives 43 for reading removable optical disc 44 (such as a compact disc or a digital versatile disc) to the bus 62 .
  • the user interface adapter 72 connects devices such as a keyboard 74 , a mouse 76 having a plurality of buttons 67 , a speaker 78 , a microphone 82 , and/or other user interface devices such as a touch screen device (not shown) to the bus 62 .
  • the communications adapter 84 connects the computer system to a data processing network 92 .
  • the display adapter 86 connects a monitor 88 to the bus 62 .
  • An embodiment of the present invention can be implemented as a file resident in the random access memory 64 of one or more computer systems 58 configured generally as described in FIG. 5 .
  • the file may be stored in another computer readable memory, for example in a hard disc drive 40 , or in removable memory such as an optical disc 44 for eventual use in an optical disc drive 43 , or a floppy disc 42 for eventual use in a floppy disc drive 41 .
  • the file can contain a plurality of instructions executable by the computer system, causing the computer system to perform various tasks, such effectuating the flow chart described in FIG. 2 .
  • the physical storage of the sets of instructions physically changes the medium upon which it is stored electrically, magnetically, or chemically so that the medium carries computer readable information.

Abstract

Presented herein are systems and methods for global positioning system based secure access. A request for access to a computer network is received. A determination is made whether a mobile terminal is within a predetermined location. If the mobile terminal is within the predetermined location, access is granted. If the mobile terminal is outside of the predetermined location, access to the computer network is denied.

Description

RELATED APPLICATIONS
[Not Applicable]
FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
[Not Applicable]
MICROFICHE/COPYRIGHT REFERENCE
[Not Applicable]
BACKGROUND OF THE INVENTION
Passwords are a commonly practiced security measure that prevents unauthorized users from accessing computer systems as well as identifying authorized users during an access. However, unauthorized users have used a variety of measures to ascertain the passwords of authorized users.
Once an unauthorized user has obtained an authorized user's password, the unauthorized user can access the computer system in the same manner as the authorized user. Often times, the unauthorized user accesses the computer system for malicious purposes. The activity of the unauthorized user is generally not detected until significant damage or disruptions have occurred.
Requiring authorized users to change their passwords at regular intervals can curtail, at least to some extent, the activities of unauthorized users. However, the regular interval time period is usually several weeks or months. During this time period, an unauthorized user can cause significant damage and disruption. Even if the user changes password daily, it could still not be effective to inhibit unauthorized user to do significant damage and disruption for that duration.
As a result, some computer systems use a time varying randomly generated password for each authorized user. The administrator of the computer system provides each authorized user with a device. The device includes a pseudo-random number generator that generates a code at relatively short time intervals, such as every minute. The computer system is also equipped to determine the pseudo-random number at a given time. When the authorized user seeks to access the computer system, the authorized user uses the code generated and displayed by the device as the password.
The foregoing provides for quickly changing passwords that are valid for short times. Accordingly, even if an unauthorized user does obtain a password, the password is valid for a very short time period. This significantly curtails the damage that an unauthorized user can do.
Nevertheless, such computer networks can still be exposed to unauthorized users. As an additional security precaution, some computer systems also require access by authorized users from a particular client terminal. The particular client terminal is known as a secure terminal and is preferably located in a physically secured location. Accordingly, in order to gain unauthorized access to such a computer network, an unauthorized user would also have to physically breach the physical security at the secured location.
An unauthorized user can bypass the physical security at the secured location by gaining remote access to the secure terminal. Accordingly, remote access is usually cut off from the secure terminal. However, cutting off remote access to the terminal generally cuts of all communication between the secure terminal and the outside world, except between the secure terminal and the server for the computer network. This essentially reduces the secure terminal to a dedicated terminal for accessing the computer network.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of ordinary skill in the art through comparison of such systems with the present invention as set forth in the remainder of the present application with reference to the drawings.
BRIEF SUMMARY OF THE INVENTION
Presented herein are systems and methods for global positioning system based secure access.
In one embodiment, there is presented a method for granting access to a computer network. The method comprises receiving a request for access to the computer network; determining whether a mobile terminal is within a predetermined location; granting access to the computer network, if the mobile terminal is within the predetermined location; and denying access to the computer network, if the mobile terminal is outside of the predetermined location.
In another embodiment, there is presented an article of manufacture. The article of manufacture comprises a computer readable medium. The computer readable medium stores a plurality of executable instructions. The plurality of executable instructions are for receiving a request for access to the computer network; determining whether a mobile terminal is within a predetermined location; and granting access to the computer network, if the computer terminal is within the predetermined location; denying access to the computer network, if the computer terminal is outside of the predetermined location.
In another embodiment, there is presented a communication network for granting access to a computer network. The communication network comprises a server, and a wireless network. The server receives a request for access to the computer network. The wireless server determines the location of the mobile terminal through the communication medium using ‘Global Positioning System (GPS) technique. The server granting access to the computer network is dependent on the location of the mobile terminal.
These and other advantages and novel features of the present invention, as well as details of an illustrated embodiment thereof, will be more fully understood from the following description and drawings.
BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS
FIG. 1 is a block diagram of a communication system for providing secure access to a computer network in accordance with an embodiment of the present invention;
FIG. 2 is a flow diagram describing the operation of the server in accordance with an embodiment of the present invention;
FIG. 3 is a block diagram of an exemplary Global System for Mobile Communication Public Land Mobile Network that can be used in accordance with an embodiment of the present invention;
FIG. 4 is a signal flow diagram describing the operation of a communication network in accordance with an embodiment of the present invention; and
FIG. 5 is a block diagram describing an exemplary hardware environment where an embodiment of the present invention can be practiced.
 DETAILED DESCRIPTION OF THE INVENTION
Referring now to FIG. 1, there is illustrated a block diagram of an exemplary communication system for configuring a mobile terminal to provide a time varying random password in accordance with an embodiment of the present invention. The system includes a computer network 100 and a wireless network 130.
The computer network 100 includes a server 105 that is accessible over a computer network 100 by a client terminal 115 in a physical location 117. The computer network 100 is any electronic or optical information distribution network and can comprise any combination of a variety of communication media, such as, but not limited to, the internet, the public switched telephone network, a local area network (LAN), and a wide area network (WAN).
The server 105 may provide access to a database storing sensitive information or the like, or allow individuals to perform various transactions. Accordingly, it is important to control access to the server 105. As a result, the server 105 requires a password from the client terminal 115 that validates the identity of the user at the client terminal 115.
As an additional layer of security, the computer network 100 requires the authorized user to access the computer network 100 from the physical location 117. The particular physical location 117 is preferably a physically secured location that is not accessible by the general public. When an authorized user attempts to access the computer network 100, the computer network 100 requests the user to provide a password. Additionally, the computer network 100 uses the wireless network 130, via terminal 125 to locate the position of a mobile terminal 120 associated with the user. The terminal 125 is a terminal that has access to the wireless network 130, either directly, or via another network. For example, the terminal 125 can comprises a computer connected to either the wireless network 130 or the public switched telephone network.
The computer network 100 grants access to the user, if the user provides the proper password, and the mobile terminal 120 is located in the physical location 117.
It is noted now that an unauthorized user needs, not only an authorized user's password, but also the ability to place the authorized user's mobile terminal 120 at the physical location 117 to access the computer network 100. Furthermore, even if an unauthorized user succeeds in remotely accessing the client terminal 115, the computer network 100 will not grant the unauthorized user access to the computer network 100. Accordingly, remote access need not be cut off from the client terminal 115. This allows the client terminal 115 to be used for other purposes, such as accessing the internet.
In one embodiment, as an additional security feature, the computer network 100 can use time varying randomly generated passwords. The time varying randomly generated passwords can be displayed on the mobile terminal 120. Exemplary systems and methods for the foregoing are described in “INTEGRATION OF SECURE IDENTIFICATION CARDS INTO CELL PHONE”, U.S. application for patent Ser. No. 10/801,470, by Relan, et al., filed Mar. 16, 2004, which is incorporated herein by reference. During access, the authorized user provides the time varying randomly generated password displayed on the mobile terminal 120. This additional feature virtually assures that the accessing user himself is at the physical location 117. The mobile terminal 120 can also be integrated into the client terminal 115 for ease of use.
Referring now to FIG. 2, there is illustrated a block diagram describing the operation of the server 105 in accordance with an embodiment of the present invention. At 155, the server 105 receives a request for access to the computer network 100. At 160, the server 105 requests the password from the user. As noted above, a number of schemes can be used for allocating the password. In one embodiment, the password can be a time varying randomly generated alpha-numeric number.
At 165, the server 105 determines whether the password provided is the correct password. If at 165, the password provided during 160 is incorrect, the server 105 requests the password again from the user a predetermined number of times. If after the predetermined number of times (175) the user has failed to provide the correct password, the server 105 denies access (180).
When the user provides the correct password at 165, the server 105 then requests, via terminal 125, a wireless network to check (185) the location of the mobile terminal 120 to determine (190) if the mobile terminal 120 is located within location 117. If the mobile terminal 120 is within location 117, the server 105 grants access (195) to the authorized user. If the mobile terminal 120 is not within the location 117, the server 105 denies (180) access.
The server 105 checks the location of the mobile terminal 120 using a wireless network 130. The wireless network 130 can comprise a variety of communication networks, such as, but not limited to, the Global System for Mobile (GSM) Communications, or the Personal Communication Services (PCS) network, IEEE 802.11 Wireless LAN network, Ethernet etc.
Referring now to FIG. 3 there is illustrated a block diagram of a Global System for Mobile Communication (GSM) Public Land Mobile Network (PLMN) 210. The PMLN 210 is composed of a plurality of areas 212, each with a node known as a Mobile Switching Center (MSC) 214 and an integrated Visitor Location Register (VLR) 216 therein. The MSC/VLR areas 212, in turn, include a plurality of Location Areas (LA) 218, which are defined as that part of a given MSC/VLR area 212 in which a mobile terminal 120 may move freely without having to send update location information to the MSC/VLR area 212 that controls the LA 218. Each Location Area 212 is divided into a number of cells 222. The mobile terminal 220 is the physical equipment, e.g., a car phone or other portable phone, used by mobile subscribers to communicate with the cellular network 210, each other, and users outside the subscribed network, both wireline and wireless.
The MSC 214 is in communication with at least one Base Station Controller (BSC) 223, which, in turn, is in contact with at least one Base Transceiver Station (BTS) 224. The BTS is a node comprising the physical equipment, illustrated for simplicity as a radio tower, that provides radio coverage to the geographical part of the cell 222 for which it is responsible. It should be understood that the BSC 223 may be connected to several base transceiver stations 224, and may be implemented as a stand-alone node or integrated with the MSC 214. In either event, in one embodiment, the BSC 223 and BTS 224 components, as a whole, are generally referred to as a Base Station System (BSS) 225. At least one of the MSCs 214 are connected to the public switched telephone network (PSTN).
The PLMN Service Area or wireless network 210 includes a Home Location Register (HLR) 226, which is a database maintaining all subscriber information, e.g., user profiles, current location information, International Mobile Subscriber Identity (IMSI) numbers, and other administrative information. The HLR 226 may be co-located with a given MSC 214, integrated with the MSC 214, or alternatively can service multiple MSCs 214, the latter of which is illustrated in FIG. 3.
The VLR 216 is a database containing information about all of the mobile terminals 120 currently located within the MSC/VLR area 212. If a mobile terminal 120 roams into a new MSC/VLR area 212, the VLR 216 connected to that MSC 214 will request data about that mobile terminal 120 from the HLR database 226 (simultaneously informing the HLR 226 about the current location of the mobile terminal 120). Accordingly, if the user of the mobile terminal 120 then wants to make a call, the local VLR 216 will have the requisite identification information without having to re-interrogate the HLR 226. In the afore-described manner, the VLR and HLR databases 216 and 226, respectively, contain various subscriber information associated with a given mobile terminal 120.
The GSM PLMN 210 also includes the capabilities of locating a mobile terminal 120, using what is known as a Global Positioning System (GPS). The GPS uses a number of BTSs 224 in the vicinity of the mobile terminal 120 to determine the physical location of the mobile terminal 120. Each of the number of BTSs 224 use radio signals to determine the distance of the mobile terminal 120 from each BTS 224. The BTSs 224 transmit signals to the mobile terminal 120. Responsive to receiving the signal from the BTSs 224, the mobile terminal 120 transmits radio signals. The radio signals transmitted by the mobile terminal 120 are indicative of the time that the mobile terminal 120 transmits the signals. Accordingly, the distance between the mobile terminal 120 and the BTSs 224 can be determined from the time delay between the transmission of the signals and the receipt of the signals at the BTSs 224. A GPS node 236 determines and triangulates the distances from several BTSs 224 to determine the physical location of the mobile terminal 120.
In one embodiment of the present invention, during an attempted access by a user, the computer network 100 requests the GSM PLMN 210 to use the GPS to locate the mobile terminal 120. Responsive thereto, the GSM PLMN 210 reports the location of the mobile terminal 120 to the computer network 100. The computer network 100 then determines whether the mobile terminal 120 is within the physical location 117. If the mobile terminal 120 is within the physical location 117 and the user provides the correct password, the computer network 100 grants access.
Referring now to FIG. 4, there is illustrated a signal flow diagram describing the operation of the communication system in accordance with an embodiment of the present invention. A user requests access to the computer network 100 by providing a password (signal 405) to the server 105 of the computer network 100. The server 105 then validates the password (410). Upon validating the password, the server 105 then sends a request (signal 415) for the position of the mobile terminal 120 associated with the authorized user, to a GPS node 236 associated with the wireless network 130.
The infrastructure of the wireless network 130 routes the request to an MSC 214 associated with the mobile terminal 120. The MSC 214 commands (signal 420) several BTSs 224 to determine the distance between the said BTS and the mobile terminal 120. The BTSs 224 transmit radio signals (signal 425) to the mobile terminal 120 and receive radio signals (signal 430) from the mobile terminal 120.
The radio signals transmitted by the mobile terminal 120 are indicative of the time that the mobile terminal 120 transmits the signals. Accordingly, the distance between the mobile terminal 120 and the BTSs 224 can be determined from the time delay between the transmission of the signals and the receipt of the signals at the BTSs 224.
The BTSs 224 provide the time of receipt of the signals from the mobile terminal 120 to a GPS node 236 (signal 435). The GPS node 236 determines and triangulates (440) the distances from several BTSs 224 to determine the physical location of the mobile terminal 120. The GPS node 236 then provides the physical location (signal 445) of the mobile terminal 120 to the server 105, via terminal 125.
The server 105 then determines (450) whether the mobile terminal 120 is within the physical location 117 and denies or grants access, thereon.
Referring now to FIG. 5, there is illustrated a block diagram of an exemplary server 105 in accordance with an embodiment of the present invention. A CPU 60 is interconnected via system bus 62 to random access memory (RAM) 64, read only memory (ROM) 66, an input/output (I/O) adapter 68, a user interface adapter 72, a communications adapter 84, and a display adapter 86. The input/output (I/O) adapter 68 connects peripheral devices such as hard disc drives 40, floppy disc drives 41 for reading removable floppy discs 42, and optical disc drives 43 for reading removable optical disc 44 (such as a compact disc or a digital versatile disc) to the bus 62. The user interface adapter 72 connects devices such as a keyboard 74, a mouse 76 having a plurality of buttons 67, a speaker 78, a microphone 82, and/or other user interface devices such as a touch screen device (not shown) to the bus 62. The communications adapter 84 connects the computer system to a data processing network 92. The display adapter 86 connects a monitor 88 to the bus 62.
An embodiment of the present invention can be implemented as a file resident in the random access memory 64 of one or more computer systems 58 configured generally as described in FIG. 5. Until required by the computer system 58, the file may be stored in another computer readable memory, for example in a hard disc drive 40, or in removable memory such as an optical disc 44 for eventual use in an optical disc drive 43, or a floppy disc 42 for eventual use in a floppy disc drive 41. The file can contain a plurality of instructions executable by the computer system, causing the computer system to perform various tasks, such effectuating the flow chart described in FIG. 2.
It is noted that the physical storage of the sets of instructions physically changes the medium upon which it is stored electrically, magnetically, or chemically so that the medium carries computer readable information.
While the present invention has been described with reference to certain embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the present invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the present invention without departing from its scope. Therefore, it is intended that the present invention not be limited to the particular embodiment disclosed, but that the present invention will include all embodiments falling within the scope of the appended claims.

Claims (8)

1. A method for granting access to a computer network, said method comprising:
receiving a request for access to the computer network from a client terminal;
determining whether a mobile terminal providing a time varying password is within a predetermined location, said mobile terminal being separate from the client terminal;
requesting a wireless network to determine the location of the mobile terminal providing the time varying password using a global positioning system;
granting access to the computer network, if the mobile terminal is within the predetermined location, and if the time varying password provided by the mobile terminal is received within a particular time interval from the client terminal; and
otherwise denying access to the computer network.
2. The method of claim 1, wherein determining the location of the mobile terminal providing the time varying password further comprises:
determining the location of the mobile terminal based on the received password, wherein the time varying password is indicative of the location of the mobile terminal.
3. The method of claim 1, wherein the client terminal receives the time varying password from a keyboard.
4. The method of claim 3, wherein the mobile terminal comprises a cellular telephone.
5. An article of manufacture comprising a computer readable medium, said computer readable medium encoded with a plurality of executable instructions to be executed by a computer for performing:
receiving a request for access to a computer network from a client terminal;
determining, at least in part, whether a mobile terminal that provides a time varying password is within a predetermined location, said mobile terminal being separate from the client terminal;
requesting a wireless network to determine the location of the mobile terminal providing the time varying password using a global positioning system;
granting access to the computer network, if the mobile terminal is within the predetermined location, and if the time varying password is received from the client terminal within a predetermined time interval; and
otherwise denying access to the computer network.
6. The article of manufacture of claim 5, wherein determining the location of the mobile terminal further comprises:
determining the location of the mobile terminal based on the received time varying password, wherein the time varying password is indicative of the location of the mobile terminal.
7. The article of manufacture of claim 5, wherein the client terminal receives the time varying password from a keyboard.
8. The article of manufacture of claim 7, wherein the mobile terminal comprises a cellular telephone.
US10/807,686 2004-03-24 2004-03-24 Global positioning system (GPS) based secure access Expired - Lifetime US7372839B2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US10/807,686 US7372839B2 (en) 2004-03-24 2004-03-24 Global positioning system (GPS) based secure access
EP20050003163 EP1580641A3 (en) 2004-03-24 2005-02-15 Global positioning system (GPS) based secure access
CNB2005100600105A CN1332281C (en) 2004-03-24 2005-03-24 Global positioning system (gps) based secure access
US11/220,185 US20060020960A1 (en) 2004-03-24 2005-09-06 System, method, and apparatus for secure sharing of multimedia content across several electronic devices
US12/047,961 US20080248812A1 (en) 2004-03-24 2008-03-13 Global positioning system (gps) based secure access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/807,686 US7372839B2 (en) 2004-03-24 2004-03-24 Global positioning system (GPS) based secure access

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US11/220,185 Continuation-In-Part US20060020960A1 (en) 2004-03-24 2005-09-06 System, method, and apparatus for secure sharing of multimedia content across several electronic devices
US12/047,961 Continuation US20080248812A1 (en) 2004-03-24 2008-03-13 Global positioning system (gps) based secure access

Publications (2)

Publication Number Publication Date
US20050213519A1 US20050213519A1 (en) 2005-09-29
US7372839B2 true US7372839B2 (en) 2008-05-13

Family

ID=34862055

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/807,686 Expired - Lifetime US7372839B2 (en) 2004-03-24 2004-03-24 Global positioning system (GPS) based secure access
US12/047,961 Abandoned US20080248812A1 (en) 2004-03-24 2008-03-13 Global positioning system (gps) based secure access

Family Applications After (1)

Application Number Title Priority Date Filing Date
US12/047,961 Abandoned US20080248812A1 (en) 2004-03-24 2008-03-13 Global positioning system (gps) based secure access

Country Status (3)

Country Link
US (2) US7372839B2 (en)
EP (1) EP1580641A3 (en)
CN (1) CN1332281C (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070257831A1 (en) * 2006-04-28 2007-11-08 Loctronix Corporation System and method for positioning in configured environments
US20080051117A1 (en) * 2004-03-16 2008-02-28 Rajendra Khare Integration of secure identification logic into cell phone
US20080146193A1 (en) * 2006-12-15 2008-06-19 Avaya Technology Llc Authentication Based On Geo-Location History
US20080248812A1 (en) * 2004-03-24 2008-10-09 Sandeep Relan Global positioning system (gps) based secure access
US20080271150A1 (en) * 2007-04-30 2008-10-30 Paul Boerger Security based on network environment
US20080270013A1 (en) * 2007-04-26 2008-10-30 Aisin Aw Co., Ltd. Vehicle position information providing devices, methods, and programs
US20090222669A1 (en) * 2005-08-23 2009-09-03 Tea Vui Huang Method for controlling the location information for authentication of a mobile station
US20100070757A1 (en) * 2008-09-12 2010-03-18 Michael Anthony Martinez System and method to authenticate a user utilizing a time-varying auxiliary code
US20100090827A1 (en) * 2008-10-14 2010-04-15 Todd Gehrke Location based proximity alert
US8009013B1 (en) * 2007-09-21 2011-08-30 Precision Control Systems of Chicago, Inc. Access control system and method using user location information for controlling access to a restricted area
US20110296513A1 (en) * 2010-05-27 2011-12-01 Farhad Kasad Location based security token
US8196169B1 (en) * 2006-09-18 2012-06-05 Nvidia Corporation Coordinate-based set top box policy enforcement system, method and computer program product
US8203426B1 (en) 2007-07-11 2012-06-19 Precision Edge Access Control, Inc. Feed protocol used to report status and event information in physical access control system
US8904539B2 (en) 2013-03-07 2014-12-02 Ricoh Co., Ltd. Location constraints for template access and form activities
US9204294B2 (en) 2010-07-09 2015-12-01 Telecommunication Systems, Inc. Location privacy selector
US9455762B2 (en) 2006-04-28 2016-09-27 Telecommunication Systems, Inc. System and method for positioning using hybrid spectral compression and cross correlation signal processing
US9648002B2 (en) 2014-12-03 2017-05-09 Microsoft Technology Licensing, Llc Location-based user disambiguation
US10027648B2 (en) 2016-09-19 2018-07-17 International Business Machines Corporation Geolocation dependent variable authentication

Families Citing this family (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2600830A1 (en) 2005-03-15 2006-09-21 Trapeze Networks, Inc. System and method for distributing keys in a wireless network
US7551574B1 (en) * 2005-03-31 2009-06-23 Trapeze Networks, Inc. Method and apparatus for controlling wireless network access privileges based on wireless client location
US7734779B1 (en) * 2005-08-25 2010-06-08 Gregory Alexander Piccionelli Password protection system and method
US7724703B2 (en) 2005-10-13 2010-05-25 Belden, Inc. System and method for wireless network monitoring
WO2007044986A2 (en) 2005-10-13 2007-04-19 Trapeze Networks, Inc. System and method for remote monitoring in a wireless network
US7573859B2 (en) 2005-10-13 2009-08-11 Trapeze Networks, Inc. System and method for remote monitoring in a wireless network
US8638762B2 (en) 2005-10-13 2014-01-28 Trapeze Networks, Inc. System and method for network integrity
US7623875B2 (en) * 2006-04-24 2009-11-24 Gm Global Technology Operations, Inc. System and method for preventing unauthorized wireless communications which attempt to provide input to or elicit output from a mobile device
US7558266B2 (en) 2006-05-03 2009-07-07 Trapeze Networks, Inc. System and method for restricting network access using forwarding databases
US8966018B2 (en) 2006-05-19 2015-02-24 Trapeze Networks, Inc. Automated network device configuration and network deployment
US8818322B2 (en) 2006-06-09 2014-08-26 Trapeze Networks, Inc. Untethered access point mesh system and method
US9258702B2 (en) 2006-06-09 2016-02-09 Trapeze Networks, Inc. AP-local dynamic switching
US9191799B2 (en) 2006-06-09 2015-11-17 Juniper Networks, Inc. Sharing data between wireless switches system and method
CN101123644A (en) * 2006-08-11 2008-02-13 华为技术有限公司 An authorized management system and authorized management server
US8340110B2 (en) 2006-09-15 2012-12-25 Trapeze Networks, Inc. Quality of service provisioning for wireless networks
US7873061B2 (en) 2006-12-28 2011-01-18 Trapeze Networks, Inc. System and method for aggregation and queuing in a wireless network
US20090100260A1 (en) * 2007-05-09 2009-04-16 Gunasekaran Govindarajan Location source authentication
US8902904B2 (en) 2007-09-07 2014-12-02 Trapeze Networks, Inc. Network assignment based on priority
US8238942B2 (en) 2007-11-21 2012-08-07 Trapeze Networks, Inc. Wireless station location detection
SG155090A1 (en) * 2008-02-29 2009-09-30 Gueh How Kiap Improved transaction system and method
US8150357B2 (en) 2008-03-28 2012-04-03 Trapeze Networks, Inc. Smoothing filter for irregular update intervals
US8978105B2 (en) 2008-07-25 2015-03-10 Trapeze Networks, Inc. Affirming network relationships and resource access via related networks
US8238298B2 (en) 2008-08-29 2012-08-07 Trapeze Networks, Inc. Picking an optimal channel for an access point in a wireless network
US20120117632A1 (en) 2009-04-29 2012-05-10 Eloy Technology, Llc Method and system for authenticating a data stream
US9544147B2 (en) 2009-05-22 2017-01-10 Microsoft Technology Licensing, Llc Model based multi-tier authentication
WO2011027320A1 (en) * 2009-09-02 2011-03-10 Nokia Corporation Method and apparatus for providing a regional theft guard
WO2011027352A1 (en) * 2009-09-03 2011-03-10 Mcafee, Inc. Network access control
CN102571703A (en) * 2010-12-23 2012-07-11 鸿富锦精密工业(深圳)有限公司 Security control system and security control method for cloud data
CN102882682B (en) * 2012-09-19 2016-04-20 无锡华御信息技术有限公司 Based on identity identifying method and the system of GPS
EP2849448A1 (en) 2013-09-13 2015-03-18 Nagravision S.A. Method for controlling access to broadcast content
JP2015072654A (en) * 2013-10-04 2015-04-16 富士ゼロックス株式会社 Information processing apparatus and information processing program
CA2930525A1 (en) * 2013-11-29 2015-06-04 Icon Clinical Research Limited Clinical trial data capture
CN104581728A (en) * 2014-12-02 2015-04-29 东莞宇龙通信科技有限公司 Mobile terminal access control method and server
CN106162549A (en) * 2015-05-19 2016-11-23 中兴通讯股份有限公司 The processing method and processing device of access network
CN108369620A (en) * 2015-08-20 2018-08-03 艾佛伦美国公司 Method and apparatus for the electronic security(ELSEC) management based on geographical location
WO2017078723A1 (en) * 2015-11-05 2017-05-11 Hewlett-Packard Development Company, L.P. Local compute resources and access terms
US10897709B2 (en) * 2016-12-09 2021-01-19 Arris Enterprises Llc Wireless network authorization using a trusted authenticator
US10671063B2 (en) * 2016-12-14 2020-06-02 Uatc, Llc Vehicle control device
EP3958528A1 (en) * 2020-08-21 2022-02-23 Roche Diagnostics GmbH Location-based access control of a medical analyzer

Citations (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5243652A (en) * 1992-09-30 1993-09-07 Gte Laboratories Incorporated Location-sensitive remote database access control
US5757916A (en) * 1995-10-06 1998-05-26 International Series Research, Inc. Method and apparatus for authenticating the location of remote users of networked computing systems
US5790073A (en) * 1996-03-13 1998-08-04 Motorola, Inc. Radio telecommunication network with fraud-circumventing registration
US5903225A (en) * 1997-05-16 1999-05-11 Harris Corporation Access control system including fingerprint sensor enrollment and associated methods
US5922073A (en) * 1996-01-10 1999-07-13 Canon Kabushiki Kaisha System and method for controlling access to subject data using location data associated with the subject data and a requesting device
US6009116A (en) * 1995-05-05 1999-12-28 Philip A Rubin And Associates, Inc. GPS TV set top box with regional restrictions
US6104815A (en) * 1997-01-10 2000-08-15 Silicon Gaming, Inc. Method and apparatus using geographical position and universal time determination means to provide authenticated, secure, on-line communication between remote gaming locations
US6178236B1 (en) * 1996-03-27 2001-01-23 Siemens Information And Communication, Networks, Inc. Method and system for providing password protection
US20020002036A1 (en) * 2000-06-30 2002-01-03 Kabushiki Kaisha Toshiba Radio communication apparatus, radio communication system and stationary station
US6370629B1 (en) * 1998-10-29 2002-04-09 Datum, Inc. Controlling access to stored information based on geographical location and date and time
US20020094777A1 (en) * 2001-01-16 2002-07-18 Cannon Joseph M. Enhanced wireless network security using GPS
US20020129283A1 (en) * 2001-03-12 2002-09-12 International Business Machines Corporation Password value based on geographic location
US6457129B2 (en) * 1998-03-31 2002-09-24 Intel Corporation Geographic location receiver based computer system security
US20020137524A1 (en) * 2001-03-22 2002-09-26 International Business Machines Corporation System and method for providing access to mobile devices based on positional data
US20020161454A1 (en) * 2001-04-26 2002-10-31 Masaki Mukai Information processing system, information processing apparatus, information terminal, and method for control thereof
US20030035544A1 (en) * 2001-08-15 2003-02-20 Samsung Electronics Co., Ltd. Apparatus and method for secure distribution of mobile station location information
US20030073448A1 (en) * 2001-10-17 2003-04-17 Minolta Co., Ltd. Terminal device and termainal device operation management system and operation management method
US6624739B1 (en) * 1998-09-28 2003-09-23 Anatoli Stobbe Access control system
US20030184474A1 (en) * 2001-12-19 2003-10-02 Bajikar Sundeep M. Method and apparatus for controlling access to mobile devices
US20030217122A1 (en) * 2002-03-01 2003-11-20 Roese John J. Location-based access control in a data network
US6657535B1 (en) * 1998-08-31 2003-12-02 Hawkeye Global, Inc. System for signaling a device at a remote location
US20040002345A1 (en) * 2002-06-26 2004-01-01 Nec Corporation Network connection management system and network connection management method used therefor
US6720860B1 (en) * 2000-06-30 2004-04-13 International Business Machines Corporation Password protection using spatial and temporal variation in a high-resolution touch sensitive display
US20040111369A1 (en) * 2002-11-20 2004-06-10 Lane Kathleen Heila Method to associate the geographic location of a participant with the content of a communications session
US20040140898A1 (en) * 2000-06-20 2004-07-22 Reeves William Francis Bodily worn device for digital storage and retrieval of emergency medical records and personal identification
US6811488B2 (en) * 1999-12-27 2004-11-02 Virtgame Corp. Gaming system with location verification
US20040267551A1 (en) * 2003-06-26 2004-12-30 Satyendra Yadav System and method of restricting access to wireless local area network based on client location
US20050151623A1 (en) * 2001-08-10 2005-07-14 Von Hoffmann Gerard PDA security system
US6919790B2 (en) * 2002-04-18 2005-07-19 Hitachi, Ltd. Control system and method for controlling system
US6954862B2 (en) * 2002-08-27 2005-10-11 Michael Lawrence Serpa System and method for user authentication with enhanced passwords
US6971005B1 (en) * 2001-02-20 2005-11-29 At&T Corp. Mobile host using a virtual single account client and server system for network access and management
US7043754B2 (en) * 2003-06-12 2006-05-09 Michael Arnouse Method of secure personal identification, information processing, and precise point of contact location and timing
US7079652B1 (en) * 2001-05-01 2006-07-18 Harris Scott C Login renewal based on device surroundings
US7080402B2 (en) * 2001-03-12 2006-07-18 International Business Machines Corporation Access to applications of an electronic processing device solely based on geographic location

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5461390A (en) * 1994-05-27 1995-10-24 At&T Ipm Corp. Locator device useful for house arrest and stalker detection
JPH09204480A (en) * 1996-01-26 1997-08-05 Hitachi Ltd Transaction place management method in finance transaction system
US6138003A (en) * 1997-11-26 2000-10-24 Ericsson Inc. System and method for authorization of location services
US6154172A (en) * 1998-03-31 2000-11-28 Piccionelli; Gregory A. System and process for limiting distribution of information on a communication network based on geographic location
EP1282873A4 (en) * 2000-03-14 2003-08-27 Movious Ltd Dynamic content spreadsheet creation utilizing restricting access
JP2002163414A (en) * 2000-11-28 2002-06-07 Hitachi Ltd Electronic voting system using individual authentication by position information
EP1442350A2 (en) * 2001-04-12 2004-08-04 Netdesigns Limited User identity verification system
US7346358B2 (en) * 2002-06-24 2008-03-18 Intel Corporation Logical boundaries in communications networks
US7372839B2 (en) * 2004-03-24 2008-05-13 Broadcom Corporation Global positioning system (GPS) based secure access

Patent Citations (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5243652A (en) * 1992-09-30 1993-09-07 Gte Laboratories Incorporated Location-sensitive remote database access control
US6009116A (en) * 1995-05-05 1999-12-28 Philip A Rubin And Associates, Inc. GPS TV set top box with regional restrictions
US5757916A (en) * 1995-10-06 1998-05-26 International Series Research, Inc. Method and apparatus for authenticating the location of remote users of networked computing systems
US5922073A (en) * 1996-01-10 1999-07-13 Canon Kabushiki Kaisha System and method for controlling access to subject data using location data associated with the subject data and a requesting device
US5790073A (en) * 1996-03-13 1998-08-04 Motorola, Inc. Radio telecommunication network with fraud-circumventing registration
US6178236B1 (en) * 1996-03-27 2001-01-23 Siemens Information And Communication, Networks, Inc. Method and system for providing password protection
US6104815A (en) * 1997-01-10 2000-08-15 Silicon Gaming, Inc. Method and apparatus using geographical position and universal time determination means to provide authenticated, secure, on-line communication between remote gaming locations
US5903225A (en) * 1997-05-16 1999-05-11 Harris Corporation Access control system including fingerprint sensor enrollment and associated methods
US6457129B2 (en) * 1998-03-31 2002-09-24 Intel Corporation Geographic location receiver based computer system security
US6657535B1 (en) * 1998-08-31 2003-12-02 Hawkeye Global, Inc. System for signaling a device at a remote location
US6624739B1 (en) * 1998-09-28 2003-09-23 Anatoli Stobbe Access control system
US6370629B1 (en) * 1998-10-29 2002-04-09 Datum, Inc. Controlling access to stored information based on geographical location and date and time
US6811488B2 (en) * 1999-12-27 2004-11-02 Virtgame Corp. Gaming system with location verification
US20040140898A1 (en) * 2000-06-20 2004-07-22 Reeves William Francis Bodily worn device for digital storage and retrieval of emergency medical records and personal identification
US20020002036A1 (en) * 2000-06-30 2002-01-03 Kabushiki Kaisha Toshiba Radio communication apparatus, radio communication system and stationary station
US6720860B1 (en) * 2000-06-30 2004-04-13 International Business Machines Corporation Password protection using spatial and temporal variation in a high-resolution touch sensitive display
US20020094777A1 (en) * 2001-01-16 2002-07-18 Cannon Joseph M. Enhanced wireless network security using GPS
US6971005B1 (en) * 2001-02-20 2005-11-29 At&T Corp. Mobile host using a virtual single account client and server system for network access and management
US20020129283A1 (en) * 2001-03-12 2002-09-12 International Business Machines Corporation Password value based on geographic location
US7080402B2 (en) * 2001-03-12 2006-07-18 International Business Machines Corporation Access to applications of an electronic processing device solely based on geographic location
US20020137524A1 (en) * 2001-03-22 2002-09-26 International Business Machines Corporation System and method for providing access to mobile devices based on positional data
US20020161454A1 (en) * 2001-04-26 2002-10-31 Masaki Mukai Information processing system, information processing apparatus, information terminal, and method for control thereof
US7079652B1 (en) * 2001-05-01 2006-07-18 Harris Scott C Login renewal based on device surroundings
US20050151623A1 (en) * 2001-08-10 2005-07-14 Von Hoffmann Gerard PDA security system
US20030035544A1 (en) * 2001-08-15 2003-02-20 Samsung Electronics Co., Ltd. Apparatus and method for secure distribution of mobile station location information
US20030073448A1 (en) * 2001-10-17 2003-04-17 Minolta Co., Ltd. Terminal device and termainal device operation management system and operation management method
US20030184474A1 (en) * 2001-12-19 2003-10-02 Bajikar Sundeep M. Method and apparatus for controlling access to mobile devices
US20030217122A1 (en) * 2002-03-01 2003-11-20 Roese John J. Location-based access control in a data network
US7092943B2 (en) * 2002-03-01 2006-08-15 Enterasys Networks, Inc. Location based data
US6919790B2 (en) * 2002-04-18 2005-07-19 Hitachi, Ltd. Control system and method for controlling system
US20040002345A1 (en) * 2002-06-26 2004-01-01 Nec Corporation Network connection management system and network connection management method used therefor
US6954862B2 (en) * 2002-08-27 2005-10-11 Michael Lawrence Serpa System and method for user authentication with enhanced passwords
US20040111369A1 (en) * 2002-11-20 2004-06-10 Lane Kathleen Heila Method to associate the geographic location of a participant with the content of a communications session
US7043754B2 (en) * 2003-06-12 2006-05-09 Michael Arnouse Method of secure personal identification, information processing, and precise point of contact location and timing
US20040267551A1 (en) * 2003-06-26 2004-12-30 Satyendra Yadav System and method of restricting access to wireless local area network based on client location

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7526295B2 (en) * 2004-03-16 2009-04-28 Broadcom Corporation Integration of secure identification logic into cell phone
US20080051117A1 (en) * 2004-03-16 2008-02-28 Rajendra Khare Integration of secure identification logic into cell phone
US20080248812A1 (en) * 2004-03-24 2008-10-09 Sandeep Relan Global positioning system (gps) based secure access
US8423768B2 (en) * 2005-08-23 2013-04-16 Smarttrust Ab Method for controlling the location information for authentication of a mobile station
US20090222669A1 (en) * 2005-08-23 2009-09-03 Tea Vui Huang Method for controlling the location information for authentication of a mobile station
US7916074B2 (en) 2006-04-28 2011-03-29 Loctronix Corporation System and method for positioning in configured environments
US7511662B2 (en) 2006-04-28 2009-03-31 Loctronix Corporation System and method for positioning in configured environments
US9455762B2 (en) 2006-04-28 2016-09-27 Telecommunication Systems, Inc. System and method for positioning using hybrid spectral compression and cross correlation signal processing
US20070257831A1 (en) * 2006-04-28 2007-11-08 Loctronix Corporation System and method for positioning in configured environments
US8196169B1 (en) * 2006-09-18 2012-06-05 Nvidia Corporation Coordinate-based set top box policy enforcement system, method and computer program product
US9014666B2 (en) * 2006-12-15 2015-04-21 Avaya Inc. Authentication based on geo-location history
US20080146193A1 (en) * 2006-12-15 2008-06-19 Avaya Technology Llc Authentication Based On Geo-Location History
US20080270013A1 (en) * 2007-04-26 2008-10-30 Aisin Aw Co., Ltd. Vehicle position information providing devices, methods, and programs
US8244450B2 (en) * 2007-04-26 2012-08-14 Aisin Aw Co., Ltd. Vehicle position information providing devices, methods, and programs
US20080271150A1 (en) * 2007-04-30 2008-10-30 Paul Boerger Security based on network environment
US20110185408A1 (en) * 2007-04-30 2011-07-28 Hewlett-Packard Development Company, L.P. Security based on network environment
US8203426B1 (en) 2007-07-11 2012-06-19 Precision Edge Access Control, Inc. Feed protocol used to report status and event information in physical access control system
US8009013B1 (en) * 2007-09-21 2011-08-30 Precision Control Systems of Chicago, Inc. Access control system and method using user location information for controlling access to a restricted area
US7694130B1 (en) * 2008-09-12 2010-04-06 Michael Anthony Martinez System and method to authenticate a user utilizing a time-varying auxiliary code
US20100070757A1 (en) * 2008-09-12 2010-03-18 Michael Anthony Martinez System and method to authenticate a user utilizing a time-varying auxiliary code
US20100090827A1 (en) * 2008-10-14 2010-04-15 Todd Gehrke Location based proximity alert
US8525681B2 (en) 2008-10-14 2013-09-03 Telecommunication Systems, Inc. Location based proximity alert
US8878681B2 (en) 2008-10-14 2014-11-04 Telecommunication Systems, Inc. Location based proximity alert
US20110296513A1 (en) * 2010-05-27 2011-12-01 Farhad Kasad Location based security token
US9204294B2 (en) 2010-07-09 2015-12-01 Telecommunication Systems, Inc. Location privacy selector
US8904539B2 (en) 2013-03-07 2014-12-02 Ricoh Co., Ltd. Location constraints for template access and form activities
US9648002B2 (en) 2014-12-03 2017-05-09 Microsoft Technology Licensing, Llc Location-based user disambiguation
US10027648B2 (en) 2016-09-19 2018-07-17 International Business Machines Corporation Geolocation dependent variable authentication

Also Published As

Publication number Publication date
EP1580641A2 (en) 2005-09-28
CN1332281C (en) 2007-08-15
EP1580641A3 (en) 2008-05-21
US20050213519A1 (en) 2005-09-29
CN1673925A (en) 2005-09-28
US20080248812A1 (en) 2008-10-09

Similar Documents

Publication Publication Date Title
US7372839B2 (en) Global positioning system (GPS) based secure access
US11562644B2 (en) Proximity-sensor supporting multiple application services
US20060020816A1 (en) Method and system for managing authentication attempts
EP1488655B1 (en) Multiple security level mobile telecommunications device, system and method
US7769394B1 (en) System and method for location-based device control
US7360248B1 (en) Methods and apparatus for verifying the identity of a user requesting access using location information
US7591020B2 (en) Location based security modification system and method
US7308250B2 (en) Integration of secure identification logic into cell phone
US7231218B2 (en) Lawful intercept service
EP1678960B1 (en) System and method for determining location of rogue wireless access point
RU2204219C2 (en) Method for detecting copied international mobile subscriber identity (imsi) code in mobile communication network and mobile communication network component
US7308251B2 (en) Location-based authentication of wireless terminal
US20160261606A1 (en) Location-based network security
US20140051389A1 (en) Proximity-Based Authorization
JP2004118456A (en) Authentication system of mobile terminal using position information
CN107566382B (en) Identity verification method, service platform, operator authentication gateway and mobile terminal
GB2481587A (en) Generating one-time passwords (OTP) using a mobile phone
US8467808B1 (en) Mobile object location-based privacy protection
US7835724B2 (en) Method and apparatus for authenticating service to a wireless communications device
KR20150122637A (en) Utilizations and applications of near field communications in mobile device management and security
CN112804240B (en) Function control method, device, server, storage medium and product
US20030045270A1 (en) Fraud detection techniques for wireless network operators
US20040128391A1 (en) Method and system for managing a validity period in association with a presence attribute
CN103180861A (en) User verification device and user verification method
ES2356058T3 (en) PROCEDURE AND EQUIPMENT TO CONTROL INFORMATION PROVIDED TO A USER IN A NETWORK.

Legal Events

Date Code Title Description
AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:RELAN, SANDEEP;MISHRA, BRAJABANDHU;KHARE, RAJENDRA;REEL/FRAME:014747/0704

Effective date: 20040323

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

AS Assignment

Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001

Effective date: 20170120

Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001

Effective date: 20170120

AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:041712/0001

Effective date: 20170119

AS Assignment

Owner name: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITE

Free format text: MERGER;ASSIGNOR:AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.;REEL/FRAME:047195/0658

Effective date: 20180509

AS Assignment

Owner name: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITE

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE EFFECTIVE DATE OF MERGER PREVIOUSLY RECORDED ON REEL 047195 FRAME 0658. ASSIGNOR(S) HEREBY CONFIRMS THE THE EFFECTIVE DATE IS 09/05/2018;ASSIGNOR:AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.;REEL/FRAME:047357/0302

Effective date: 20180905

AS Assignment

Owner name: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITE

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ERROR IN RECORDING THE MERGER PREVIOUSLY RECORDED AT REEL: 047357 FRAME: 0302. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.;REEL/FRAME:048674/0834

Effective date: 20180905

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12